﻿<?
	// Request bootstrap: start the session, then pull in the project helpers. ExecSQL(),
	// ExecNonQuerySQL(), GetName() and GetLastName() are not defined in this file, so they
	// presumably come from these two includes.
	// NOTE(review): the "@" operator hides any warning raised by session_start() and by the
	// includes, so a session that failed to start goes unnoticed. The file also appears to
	// begin with a UTF-8 BOM before the open tag; bytes emitted before session_start() can
	// stop the session cookie header from being sent unless output buffering is enabled.
	@session_start();
	@require_once("DatabaseExec.php");
	@require_once("Utility.php");
	
	// Every field is read from the query string through GetParam(), which returns the
	// escaped and trimmed value, or "" when the parameter is missing or blank.
	// NOTE(review): Username, Password and the personal data below travel in the URL, so
	// they can end up in access logs, browser history and Referer headers.
	// NOTE(review): $profileId and $ProfileRank come straight from the request; no comparison
	// with $_SESSION is visible in this file before they are used in UPDATE statements.
	$profileId = GetParam('profileId');
	$Username = GetParam('Username');
	$Password = GetParam('Password');
	$Name = GetParam('Name');
	$NickName = GetParam('NickName');
	$UserStatus = GetParam('UserStatus');
	$Birthday = GetParam('Birthday');
	$Job = GetParam('Job');
	$WorkPlace = GetParam('WorkPlace');
	$Discipler = GetParam('Discipler');
	$Group = GetParam('Group');
	$Church = GetParam('Church');
	$CellGroup = GetParam('CellGroup');
	$ProfileRank = GetParam('ProfileRank');
	$phone = GetParam('phone');
	$email = GetParam('email');
	$facebook = GetParam('facebook');
	$address = GetParam('address');
	$province = GetParam('province');
	$postcode = GetParam('postcode');
	$university = GetParam('university');
	$zone = GetParam('zone');
	
	// Requested operation: SaveData() handles 'save' and 'create' and ignores anything else.
	$func = GetParam('func');
	
	// Runs on every request to this script.
	// NOTE(review): the write is triggered by a plain GET and no anti-CSRF token check is
	// visible here.
	SaveData();
	
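	/**
	 * Runs the operation selected by the global $func and echoes the outcome to the client.
	 *
	 * - 'save':   UpdateInfo() then UpdateDetail(); echoes "Success" when both succeed,
	 *             otherwise "Fail".
	 * - 'create': echoes the 'UserExist' tuple when the username is taken; otherwise runs
	 *             CreateInfo() then CreateDetail(). On success the new profile id is stored in
	 *             the session and echoed as ['Success','<id>']; any failure echoes "Fail".
	 * - any other value: no output.
	 *
	 * NOTE(review): the 'save' branch never consults $_SESSION, so nothing visible here ties
	 * the request-supplied $profileId to the logged-in user; confirm an ownership check exists
	 * upstream or add one.
	 */
	function SaveData()
	{
		global $func,$profileId;

		if($func == 'save')
		{
			// && short-circuits, so UpdateDetail() only runs after UpdateInfo() succeeded.
			if(UpdateInfo() && UpdateDetail())
				echo "Success";
			else
				echo "Fail";
		}
		else if($func == 'create')
		{
			if(IsAccountExist())
			{
				// Message text (Thai): "this username is already taken, please use another username".
				echo "['UserExist','username นี้ถูกใช้แล้วกรุณาใช้ username อื่น']";
			}
			else if(CreateInfo() && CreateDetail())
			{
				// CreateInfo() replaced the global $profileId with the id of the new row.
				// NOTE(review): the session becomes authenticated here without a new session id;
				// consider session_regenerate_id(true) to close the session-fixation window.
				$_SESSION['profileId'] = $profileId;
				$_SESSION['canAccess'] = 'true';
				echo "['Success','$profileId']";
			}
			else
			{
				// Previously a dangling else bound this branch to the CreateDetail() test only,
				// so a failed CreateInfo() sent an empty response. Both failures now report "Fail".
				// NOTE(review): no transaction is visible, so rows written by CreateInfo() stay
				// behind when CreateDetail() fails.
				echo "Fail";
			}
		}
	}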
	
	/**
	 * Tells whether a userlogin row already uses the requested username.
	 *
	 * Reads the global $Username, which the top of the file fills through GetParam(); the
	 * value is therefore already escaped and must stay inside the single quotes below.
	 *
	 * NOTE(review): this lookup and the INSERT in CreateInfo() are separate statements. Unless
	 * userlogin.user carries a UNIQUE index (not visible here), two concurrent requests can
	 * both pass the check and create the same username.
	 *
	 * @return bool true when ExecSQL() returned at least one row, false otherwise
	 */
	function IsAccountExist()
	{
		global $Username;

		$matches = ExecSQL("SELECT user FROM userlogin WHERE user='$Username'");

		// A null result short-circuits before count() is reached.
		return ($matches != null && count($matches) > 0);
	}
	
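	/**
	 * Inserts the userinfo row and the matching userlogin row for a new account.
	 *
	 * Reads the globals $Name, $NickName, $Group, $Username and $Password (all filled through
	 * GetParam(), so already escaped) and, on success, overwrites the global $profileId with
	 * the id generated for the new userinfo row.
	 *
	 * Changes from the previous version:
	 * - a blank username or password is rejected before anything is written; previously a
	 *   login row with user='' and a one-digit password could be created;
	 * - $groupId always has a value, so the INSERT no longer reads an undefined variable when
	 *   no group was sent or the group lookup finds nothing.
	 *
	 * NOTE(review): the password is stored as a random digit followed by the submitted text;
	 * that is neither a salt nor a hash. Moving to password_hash()/password_verify() needs a
	 * matching change in the login code, which is not visible in this file.
	 * NOTE(review): the two INSERTs are not wrapped in a transaction here, so a failure of the
	 * second one leaves a userinfo row without a login.
	 *
	 * @return mixed result of the userlogin INSERT, or false when validation or the first INSERT fails
	 */
	function CreateInfo()
	{
		global $profileId, $Name, $NickName, $Group;
		global $Username, $Password;

		// Never create a login without credentials.
		if($Username == '' || $Password == '')
			return false;

		// At least one of the profile fields has to be present.
		if(IsEmpty(array($Name, $NickName, $Group)))
			return false;

		// Default used when no group was sent or the lookup returns nothing.
		$groupId = '';
		if($Group != '')
		{
			$sql = "SELECT * FROM `group` WHERE groupName = '$Group'";
			$groupRows = ExecSQL($sql);
			// NOTE(review): element 0 of the result is used as the group id; confirm what
			// ExecSQL() returns for a "SELECT *".
			if($groupRows)
				$groupId = $groupRows[0];
		}

		// NOTE(review): $Name is already escaped when it reaches these helpers; the escaping
		// only survives if they never cut between a backslash and the character it escapes.
		$nm = GetName($Name);
		$ls = GetLastName($Name);

		$sql = "INSERT INTO userinfo(name,lastname,nickName,typeStatusId) VALUES
				('$nm','$ls','$NickName','$groupId')";

		$rs1 = ExecNonQuerySQL($sql);
		if(!$rs1)
			return false;

		// Id of the userinfo row just inserted; it is unquoted in the statement below and
		// safe only because it comes from the database driver, not from the request.
		$profileId = mysql_insert_id();
		$pass = rand(0,9) . $Password;
		$sql = "INSERT INTO userlogin VALUES($profileId,'$Username','$pass',1,'Y')";
		return ExecNonQuerySQL($sql);
	}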
	
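	/**
	 * Updates name, last name, nickname, group and rank of the profile named by the global
	 * $profileId. Only fields that are neither blank nor "-" are written.
	 *
	 * Changes from the previous version:
	 * - $groupId always has a value, so it is no longer read undefined when the group lookup
	 *   finds nothing;
	 * - when no field qualifies for the SET list the function returns false instead of sending
	 *   "UPDATE userinfo SET  WHERE ..." to the database.
	 * The SQL text produced for every other input is unchanged.
	 *
	 * NOTE(review): $profileId and $ProfileRank are request parameters. Nothing in this
	 * function checks that the caller may edit that profile, or may change `rank` at all; if
	 * rank gates privileges this lets a caller set their own. Confirm where that is enforced.
	 * NOTE(review): the values are safe inside the quotes only because GetParam() escaped
	 * them; parameterised queries (mysqli/PDO) would remove that dependency.
	 *
	 * @return mixed result of ExecNonQuerySQL(), or false when there is nothing to update
	 */
	function UpdateInfo()
	{
		global $profileId, $Name, $NickName, $Group, $ProfileRank;

		if(IsEmpty(array($Name, $NickName, $Group, $ProfileRank)))
			return false;

		// Default used when the lookup returns nothing.
		$groupId = '';
		if($Group != '')
		{
			$sql = "SELECT * FROM `group` WHERE groupName = '$Group'";
			$groupRows = ExecSQL($sql);
			// NOTE(review): element 0 of the result is used as the group id; confirm what
			// ExecSQL() returns for a "SELECT *".
			if($groupRows)
				$groupId = $groupRows[0];
		}

		$nm = GetName($Name);
		$ls = GetLastName($Name);

		// One "column='value'" entry per field worth writing.
		$assignments = array();
		if($nm != '' && $nm != '-')	$assignments[] = "name='$nm'";
		if($ls != '' && $ls != '-')	$assignments[] = "lastname='$ls'";
		if($NickName != '' && $NickName != '-')	$assignments[] = "nickName='$NickName'";
		// The test is on the submitted group name, the value written is the looked-up id.
		if($Group != '' && $Group != '-')	$assignments[] = "typeStatusId='$groupId'";
		if($ProfileRank != '' && $ProfileRank != '-')	$assignments[] = "rank='$ProfileRank'";

		// Every submitted value was "-" (or resolved to blank): nothing to write.
		if(count($assignments) == 0)
			return false;

		// " ," reproduces the separator the statement was built with before.
		$sql = "UPDATE userinfo SET " . implode(" ,", $assignments) . " WHERE profileId='".$profileId."'";
		return ExecNonQuerySQL($sql);
	}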
	
	/**
	 * Inserts the userdetail row (phone and mail) for the profile in the global $profileId.
	 *
	 * In the 'create' flow SaveData() calls this after CreateInfo(), which has replaced
	 * $profileId with the id of the new userinfo row. $phone and $email were escaped by
	 * GetParam() and must stay inside the single quotes of the statement.
	 *
	 * @return mixed result of ExecNonQuerySQL(), or false when phone, email and name are all blank
	 */
	function CreateDetail()
	{
		global $profileId,$phone, $email, $Name;

		$nothingSupplied = IsEmpty(array($phone, $email,$Name));
		if($nothingSupplied)
			return false;

		// NOTE(review): the two results are not used by the statement below; the calls are
		// kept so behavior stays identical in case the helpers have side effects.
		$firstName = GetName($Name);
		$lastName = GetLastName($Name);

		$insert = "INSERT INTO userdetail(profileId,phone,mail) VALUES
			('$profileId','$phone','$email')";

		return ExecNonQuerySQL($insert);
	}
	
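	/**
	 * Updates the userdetail row of the profile named by the global $profileId. Only fields
	 * that are neither blank nor "-" are written.
	 *
	 * When a discipler name is supplied, the matching userinfo.profileId is looked up by first
	 * and last name and written as disciplerId next to the raw disciplerName.
	 *
	 * Changes from the previous version:
	 * - $disciplerId is initialised up front; it used to be read undefined when no discipler
	 *   was submitted;
	 * - when no field qualifies for the SET list the function returns false instead of sending
	 *   "UPDATE userdetail SET  WHERE ..." to the database;
	 * - the sixteen copy-pasted conditions are replaced by one column map, which produces the
	 *   same SQL text in the same column order.
	 *
	 * NOTE(review): $profileId is a request parameter and nothing in this function checks
	 * that the caller owns that profile; confirm where that is enforced.
	 * NOTE(review): the values are safe inside the quotes only because GetParam() escaped
	 * them; parameterised queries (mysqli/PDO) would remove that dependency.
	 *
	 * @return mixed result of ExecNonQuerySQL(), or false when there is nothing to update
	 */
	function UpdateDetail()
	{
		global $profileId, $UserStatus, $Birthday, $Job, $WorkPlace, $Discipler, $Church, $CellGroup, $phone, $email, $facebook, $address, $province, $postcode, $university, $zone;

		if(IsEmpty(array($UserStatus, $Birthday, $Job, $WorkPlace, $Discipler, $Church, $CellGroup, $phone, $email, $facebook, $address, $province, $postcode, $university, $zone)))
			return false;

		// Stays blank when no discipler was sent or the lookup finds no usable id.
		$disciplerId = "";
		if($Discipler != '')
		{
			// NOTE(review): $Discipler is already escaped when it reaches these helpers; the
			// escaping only survives if they never cut between a backslash and the character
			// it escapes.
			$disciplerName = GetName($Discipler);
			$disciplerLastName = GetLastName($Discipler);
			$sql = "SELECT profileId FROM `userinfo` WHERE name = '$disciplerName' AND lastname = '$disciplerLastName'";
			$groupRows = ExecSQL($sql);

			if($groupRows && $groupRows[0] != '' && $groupRows[0] != '0') $disciplerId = $groupRows[0];
		}

		// Column => value, in the order the SET list has always been emitted.
		$columns = array(
			'`status`' => $UserStatus,
			'birthday' => $Birthday,
			'job' => $Job,
			'workplace' => $WorkPlace,
			'disciplerId' => $disciplerId,
			'disciplerName' => $Discipler,
			'church' => $Church,
			'cellGroup' => $CellGroup,
			'phone' => $phone,
			'mail' => $email,
			'facebook' => $facebook,
			'address' => $address,
			'province' => $province,
			'postcode' => $postcode,
			'university' => $university,
			'zone' => $zone,
		);

		$assignments = array();
		foreach($columns as $column => $value)
		{
			// "-" is the placeholder for "leave this field alone".
			if($value != '' && $value != '-')
				$assignments[] = "$column='$value'";
		}

		// Every submitted value was "-": nothing to write.
		if(count($assignments) == 0)
			return false;

		// " ," reproduces the separator the statement was built with before.
		$sql = "UPDATE userdetail SET " . implode(" ,", $assignments) . " WHERE profileId='".$profileId."'";

		return ExecNonQuerySQL($sql);
	}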
	
	/**
	 * Reads one query-string parameter for use inside a quoted SQL string literal.
	 *
	 * Returns "" when the parameter is missing or contains only whitespace; otherwise the
	 * value is escaped with mysql_real_escape_string() and then trimmed.
	 *
	 * NOTE(review): this is the only injection defence in the file, so every use of a returned
	 * value must sit between single quotes in the SQL text. The escaping depends on the
	 * connection character set; confirm that the connection is opened before this runs and
	 * that its charset is set with mysql_set_charset(). The mysql_* extension was removed in
	 * PHP 7; prepared statements (mysqli/PDO) are the durable fix.
	 * NOTE(review): an array-valued parameter (name[]=...) reaches trim() as an array.
	 *
	 * @param string $paramName key to read from $_GET
	 * @return string escaped, trimmed value, or "" when absent or blank
	 */
	function GetParam($paramName)
	{
		$supplied = isset($_GET[$paramName]) && trim($_GET[$paramName]) != '';
		if(!$supplied)
			return "";

		$escaped = mysql_real_escape_string($_GET[$paramName]);
		return trim($escaped);
	}
	
	/**
	 * Tells whether every entry of a 0-indexed array is blank.
	 *
	 * Despite the name this is an "all blank" test: callers in this file use !IsEmpty(...) to
	 * mean "at least one of these fields was supplied", not "all required fields are present".
	 *
	 * @param array $param values to inspect, read by position 0..count-1
	 * @return bool false as soon as one entry differs from '', true otherwise (also for an empty array)
	 */
	function IsEmpty($param)
	{
		$total = count($param);
		$index = 0;
		while($index < $total)
		{
			// Loose comparison, as before.
			if($param[$index] != '')
				return false;
			$index++;
		}
		return true;
	}
	
	/**
	 * Stores a picture file name on the profile named by the global $profileId.
	 *
	 * NOTE(review): unlike the request fields, $fileName does not pass through GetParam() in
	 * this function and is placed in the SQL text as given. Callers are not visible here;
	 * confirm that each one escapes or validates the name (for example against an allow-list
	 * of generated file names) before calling.
	 *
	 * @param string $fileName value written to userinfo.profilePic
	 * @return mixed result of ExecNonQuerySQL(), or false when $fileName is blank
	 */
	function UpdatePic($fileName)
	{
		global $profileId;

		if($fileName == '')
			return false;

		$update = "UPDATE userinfo SET profilePic='{$fileName}' WHERE profileId='{$profileId}'";
		return ExecNonQuerySQL($update);
	}
?>